Major secure phone applications vulnerable

Some of the vulnerabilities have already been addressed.

By CBR Staff Writer

Several vulnerabilities have been discovered in one of the core security components of several secure telephony apps, including the Silent Circle system created by Phil Zimmermann.

The vulnerabilities in the GNU ZRTPCPP library have already been tackled in a new version of the library, and the issue has also been fixed, with updates available in both the Android and Apple versions.

ZRTPCPP is a core library that employs the ZRTP protocol to launch secure sessions over a pre-existing connection.

Azimuth Security director and founder Mark Dowd discovered three vulnerabilities, including a remote heap overflow, multiple stack overflows, and information leaking/out-of-bounds reads.

The three flaws could enable an attacker to obtain remote code execution, and they can be exploited by remote, unauthorised users.

The first vulnerability is a heap buffer overflow in a function that temporarily stores a packet; the second flaw enables hackers to crash a vulnerable app; and the third is a vector for obtaining access to sensitive information regarding the cryptographic operations of the protocol.
